16

How can I limit the number of active logins per user?

I've seen this on various servers before, and I was wondering how I could set this up myself. Perhaps in those cases, this was accomplished by limiting the number of active SSH logins per user? And I guess that would be the way to go. How would I set this up?

Improve this question

3 Answers 3

Reset to default
12

/etc/security/limits.conf, at least on Debian. Path may vary a little by distro. There is an example in the file to limit all members of the student group to 4 logins (commented out):

#<domain>      <type>   <item>          <value>
@student       -        maxlogins       4

You could do * instead of a group, but make sure not to hit users you don't want to limit (e.g., a staff member)

Improve this answer
1
  • 4
    For quick googlers: @student means the members of the "student" group. To limit only the user "student", remove the "@" from the beginning. Commented Sep 16, 2019 at 15:07
6

According to the man of limits.conf you can set restrictions in /etc/security/limits.conf:

maxsyslogins 
maximum number of all logins on system

So you can set (2 logins):

* hard maxsyslogins 2

In another post is said not to use /etc/security/limits.conf. I could not find anything related to that except that value which is set in /etc/security/limits.d/*.conf file will override the same value in /etc/security/limits.conf.

From man pag of pam_limits:

By default limits are taken from the /etc/security/limits.conf config file. Then individual *.conf files from the /etc/security/limits.d/ directory are read. The files are parsed one after another in the order of "C" locale. The effect of the individual files is the same as if all the files were concatenated together in the order of parsing. If a config file is explicitly specified with a module option then the files in the above directory are not parsed.

Improve this answer
1
  • maxsyslogins is the total limit, not the per-user one that was asked... Commented Nov 16, 2017 at 13:34
3

On modern GNU/Linux systems, pam_limits can limit the number of sessions per user.

In order to limit the number of sessions per user, you can add entries to a file in /etc/limits.d/ (say /etc/limits.d/maxlogins.conf)

# Some of the lines in this sample might conflict and overwrite each other
# The whole range is included to illustrate the possibilities
#limit users in the users group to two logins each
@users       -       maxlogins     2
#limit all users to three logins each
*            -       maxlogins     3
#limit all users except root to 20 simultaneous logins in total
*            -       maxsyslogins     20
#limit in the users group to 5 logins in total
%users       -       maxlogins     2
#limit all users with a GID >= 1000 to two logins each
1000:        -       maxlogins     2
#limit user johndoe to one login
johndoe      -       maxlogins     2

Other Unix-like OSes and systems without the pam_limits module would differ.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.